Request filtering - Fingerprint Docs

To provide device intelligence, Fingerprint runs on the client device — inside the browser or a mobile app. Client-side code can be easily examined, therefore, the API key you use to make identification requests to Fingerprint is by definition a public API key. To prevent malicious actors from misusing your public API key and inflating your Fingerprint costs, you can filter out unwanted identification requests. These requests are not billed and will receive an error instead of the identification result.

To filter requests from web browsers by origin or HTTP header, see Request filtering for websites.
To filter requests from mobile apps by package names or bundle IDs, see Request filtering for mobile apps.
To filter requests from common indexing and AI bots, see Search bot request filtering and AI bot request filtering respectively.
To filter requests from a range of IP addresses, see Network request filtering.

We rolled out the beta for Request Filtering V2.New iteration of request filtering gives you more flexibility and control when blocking unwanted identification requests. You have full control over order of execution, and you can create more complex rules by using our flexible expression language.

What’s Next

Start your free workspace now

Protecting from client-side tampering and replay attacks Request filtering for websites

Documentation Index